Weitere ähnliche Inhalte
Ähnlich wie FreeLix: Semplicità & Controllo (20)
Kürzlich hochgeladen (20)
FreeLix: Semplicità & Controllo
- 2. Free LIX : semplicità e controllo Infosecurity07
- 20. Infosecurity07 componenti base: via EPIA CL10000 CF 64MB adattatore CF/IDE 256RAM raiser card PCI --------------------------------- possibili estensioni: quad ethernet pci 10/100/1000 ethernet pci scheda ADSL pci scheda ISDN pci
- 24. Infosecurity07 liscoZero(config)# sh running-config /tmp/mcs.dump.2000145 : :MCS init : :LisCO process 0:3091 (ces) (null) start 1167569374 1:2000 (mcs) (null) start 1167569364 2:7251 (cli) (null) start 1168030504 refer to 7250 3:7250 (cei) - start 1168030504 refer to 7251 : :enable password 4:enable password LLrT4kLLWpgMs encrypted : :interface 5:interface ethernet0 10half 6:interface ethernet1 10half : :nameif 7:nameif ethernet0 outside security0 8:nameif ethernet1 inside security100 : :ip address 9:ip address outside 10.0.0.35 255.255.255.0 10:ip address inside 10.0.1.100 255.255.255.0 : :route 11:route outside 0.0.0.0 0.0.0.0 10.0.0.33 : :access-list : :outside_access_in 12:access-list outside_access_in permit tcp any host 10.0.1.129 eq 22 : :inside_access_in 13:access-list inside_access_in permit ip 10.0.1.0 255.255.255.0 any : :access-group 14:access-group outside_access_in in interface outside 15:access-group inside_access_in in interface inside : :static 16:static ( inside,outside ) tcp 10.0.0.36 22 10.0.1.129 22 : :lix br 17:lix switch br0 3 10.10.10.200 255.255.255.0 40 : :lix vhost 18:lix vhost V0 vid vlisco0 memory 32 switch br0 0 vscsi vroot veth 10.10.10.1 : :lix start 19:lix start
- 27. Infosecurity07 16:static ( inside,outside ) tcp 10.0.0.36 22 10.0.1.129 22 LIX plugin-module ver. 1.0.0 20060307.2236 OOoo-----------------------------------------------------ooOO ../plugin/static.set inside,outside tcp 10.0.0.36 22 10.0.1.129 22 /tmp/mcs.dump.2000439 iptables -t nat -I PREROUTING -i inside -d 10.0.0.36 -p tcp --dport 22 -j DNAT --to-destination 10.0.1.129:22 Chain PREROUTING (policy ACCEPT 16 packets, 920 bytes) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- outside any anywhere 10.0.0.36 tcp dpt:22 to:10.0.1.129:22 oo----- New VIP list generation -----------------------oo Found [10.0.0.35 10.0.0.37 ] VIP defined in [outside] interface Adding alias [10.0.0.36 24] on dev [outside] oo----- New VIP list generation for VRRP --------------oo -rw-r--r-- 1 root root 25 Dec 31 12:49 /LisCO/tmp/VRRP-outside-10.0.0.36.vip -rw-r--r-- 1 root root 25 Dec 31 12:49 /LisCO/tmp/VRRP-outside.vip oo----- Add permit INPUT chain -----------------------oo Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- outside any anywhere 10.0.0.36 tcp dpt:22 0 0 ACCEPT all -- any any anywhere 224.0.0.0/24 0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED 1 60 ACCEPT icmp -- any any anywhere anywhere icmp echo-request 0 0 LOG all -- any any anywhere anywhere LOG level info prefix `[I]' OOoo-----------------------------------------------------ooOO 9: outside: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue link/ether 00:40:63:d4:26:70 brd ff:ff:ff:ff:ff:ff inet 10.0.0.35/24 brd 10.0.0.255 scope global outside inet 10.0.0.36/24 scope global secondary outside
- 28. Infosecurity07 65:failover lan enable LIX plugin-module ver. 1.0.0 20060307.2236 OOoo-----------------------------------------------------ooOO ../plugin/failover.active /tmp/mcs.dump.2012282 oo--- Loading VRRP*.vrrp macro ------------------------oo Loading /LisCO/tmp/VRRPAUTH.vrrp Loading /LisCO/tmp/VRRPIF.vrrp Loading /LisCO/tmp/VRRPPOLL.vrrp Loading /LisCO/tmp/VRRPSTATE.vrrp lrwxrwxrwx 1 root root 28 Jun 9 2005 /etc/keepalived.conf -> ../LisCO/etc/keepalived.conf
- 29. Infosecurity07 18:lix vhost V0 vid vlisco0 memory 32 switch br0 0 vscsi vroot veth 10.10.10.1 -bash-2.05b# cat V0 #!/bin/bash cd /virtual/ /LisCO/vDMZ/linuxumlid= vlisco0 con=nullcon0=fd:0devfs=nomountmem= 32M eth0=tuntap, br0-p0 ,FF:DD:00:00:00:0,ubd0=./ vroot CONFMODEUMLID=vlisco0NET.IPADDR= 10.10.10.1 NET.NETMASK=255.255.255.0NET.NETWORK=10.10.10.0NET.BROADCAST=10.255.255.255NET.DEV=eth0NET.GW=10.10.10.200 -bash-2.05b# ls -l drwx------ 2 root root 16384 Aug 17 2005 lost+found -rwxr-xr-x 1 root root 5886116 Aug 21 2005 vmlinux-2.6.11.rc4-um-22052005 -rw-r--r-- 1 root root 67108864 Jan 6 01:10 vroot